Website Privacy Notice
This privacy notice (“Privacy Notice”) explains how Provider ("Provider" or “we” or “our”) collects, uses and shares Personal Data (as defined below) from individual End Users using the administrative web-based platform (“Portal”).
Provider is committed to ensuring that Your privacy is protected. Should we ask You to provide certain Personal Data by which You can be identified when using the Portal, You can be assured that it will only be used in accordance with this Privacy Notice.
Provider may change this Privacy Notice from time to time by updating this page. You should check this page from time to time to ensure that You are happy with any changes.
1. Definitions
Unless otherwise defined in this Portal Privacy Notice, capitalized terms have the meaning given in the Master Service Agreement (“MSA”).
“Account” means the account created with Provider through the Portal that relates to Your subscription to, purchase, resale, distribution, promotion or use of services.
“Customer” means any legal entity having an Account with Provider through the Portal.
“Processing/To Process/Processed” means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.
“Third Party” means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the Controller or Processor, are authorized to process Personal Data.
“You”, “Your” or “User” means any individual end user using the Portal.
2. Scope of this Privacy Notice
This Privacy Notice governs our security and privacy practices in connection with any access to and use of the Portal as a Client or as a User.
3. Personal Data We Collect and How We Collect It
We collect Personal Data about You in the following ways:
Information That You Provide Us
Account Information
We may collect first and last name, email address, postal address, phone number and other similar contact data about Customer’s authorized employees, consultant or independent contractors. We collect this information when you register for our Services or through our Portal, using a form available online
Billing information is also collected directly by the payment processor for the purpose of Processing transactions when purchasing products or Services. This information is collected with the help of a Third-Party application that is integrated with the Portal.
Credentials
We collect passwords, password hints and similar security information used for authentication and Account access by using the online form on the Portal
Feedback and correspondence
We collect Your feedback and messages when You respond to surveys, report a problem with the Portal or other Services, receive customer support or otherwise communicate with Provider via the Portal.
Transaction information
We collect details about purchases You make through the Portal.
Personal Data That We Get From Third Parties
The Provider works with a payment processor for the Processing of transactions relating to the products or Services to which the Customer has subscribed. For transactions made in Canadian dollars, American dollars, Euros, or in British pounds, the payment processor used is Braintree (Paypal). The payment processor collects data related to payment, such as credit card numbers, as well as the expiration date and security code (CVC number). All payment data that you provide to complete a purchase on the Portal are collected and Processed directly by the payment processor. The payment processor is committed to comply with the PCI-DSS standards (Payment Card Industry Standards) and to adopting security measures that meet industry standards. Personal Data that is Processed by the payment processor is Processed independent of DNA-AS, Inc and is submitted based on the payment processor’s privacy policy: Braintree Privacy Statement | Braintree Payments. DNA-AS, Inc does not collect nor save your payment data and as such, hence DNA-AS, Inc is not responsible for how your data is processed by its Third Parties, who act as data controllers and are responsible for Processing it. We may obtain certain information from the payment processor, such as the last four numbers of the credit card used, the expiration date of the card used, and the email address used for your Paypal account. We may combine this information with the information that we have collected through our Portal.
DNA-AS, Inc may also obtain information, including Personal Data, from third parties. For example, when you request a free trial or software demonstration from us, when you register for a webinar or download content, or when you request information from a third-party website about our Services, similar or related services. We may also combine this information with the information that we have collected from our Portal.
Personal Data That Is Automatically Collected
Meta Data, Cookies and other Tracking Technologies
Whenever a User interacts with the Portal, Provider uses Cookies and other tracking technologies to automatically receives and records information sent by browsers or mobile apps, which may include information about the device, IP address, “cookie” information, the type of browser and device being used to access the Portal, screen resolution, browser language, device settings, application IDs, unique device identifiers, usage data and crash data. “Cookies” are identifiers Provider transfers to the browser or device of the Account User that allow Provider to recognize the Account User and their browser or device along with how our Portal is being utilized.
Session recording
We also use an application session recording solution to record the Account Users’ use of the Portal and we may link such recordings to the Account User and the Customer Account to optimize our support services and better resolve technical problems. Such recordings are only used to provide technical support services under the Agreement.
Analytics
4. How We Use the Personal Data That We Collect
We use Your Personal Data for the following purposes or as otherwise described to You at the time of collection:
To provide the Service
We use Your Personal Data for a variety of purposes, including to:
• operate our business;
• provide, operate, maintain and enhance our Services;
• enable You to access and use the Services, including the Portal;
• manage and communicate with You regarding Your Account, including by sending You
Service announcements, technical notices, updates, security alerts, and support and administrative messages. We collect analytics information when You use our Portal to help us improve the Portal and related content. We may also share anonymous data about Your actions on our Portal with third- party service providers of analytics services to optimize our services and content.
-
Process and complete transactions, and send You related information, including purchase confirmations and invoices;
-
Respond to Your requests for support or assistance; and
-
To better understand Your needs and interests and personalize Your experience with the
service.
To analyze the performance of the Portal
We may create aggregated and other anonymous data from our users’ Personal Data. We make Personal Data into anonymous data by removing information that makes the data personally identifiable to You. We may use this anonymous data and share it with third parties for our lawful business purposes.
For security, compliance, fraud prevention and safety
We may use Your Personal Data as we believe appropriate to (a) investigate or prevent violation of the law; (b) secure the Service; (c) protect our, Your or others’ rights, privacy, safety or property; and (d) protect, investigate and deter against fraudulent, harmful, unauthorized, unethical or illegal activity.
For compliance with law; legal claims
We may use Your Personal Data where permitted by law, to(a) comply with applicable laws, lawful requests and legal process, such as to respond to subpoenas or requests from government authorities; or (b) in connection with a legal or criminal investigation.
With Your consent
In some cases, we may ask for Your consent to collect, use or share Your Personal Data, such as when You let us post Your testimonials or endorsements in the Service.
5. How We Share Your Personal Data
This section discusses how Providers may share Your Personal Data with Third Parties in the context of the Portal.
We will not sell, distribute or lease Your Personal Data to Third Parties unless we have Your permission or are required or authorized by law to do so. We may share and disclose Your Personal Data in the following limited circumstances:
Affiliates
We may disclose Your Personal Data to our subsidiaries and Affiliates for use consistent with this Privacy Notice.
Third-Party Processors
Provider may retain the services of third parties to Process Your Personal Data on behalf of Provider in connection with the purposes identified above (“Processors”). Such Processors have entered into written agreements with Provider in accordance with applicable requirements. Our Processors are obligated to Process Your Personal Data only in accordance with our specific instructions and in accordance with the terms of this Privacy Notice and any written agreement entered into with Provider. These Processors include, for example, analytics companies, product feedback or help desk software providers, chat platform providers, email service providers and others.
Professional Advisors
Provider may disclose Your Personal Data to professional advisors, such as lawyers, bankers, auditors and insurers, where necessary in the course of the professional services they render to us.
Compliance with Laws
Provider may share or disclose data to comply with legal or regulatory requirements and to respond to lawful requests, court orders and legal processes.
Enforcing Our Rights, Preventing Fraud, and Safety
Provider may share or disclose data to protect and defend the rights, property, or safety of us or third parties, including enforcing contracts or policies, or in connection with investigation and preventing fraud.
Changes to our Business Structure
Provider may share or disclose data if we engage in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Provider’s assets, financing, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence).
6. National and International Transfers
We may transfer the information we collect about You to Third Parties that are located outside of Quebec or in countries other than the country where we originally collected it for the purposes of storage and Processing of data and operating our Services. Those countries may not have the same data protection laws as your country. However, when we transfer your information to other countries, we will protect that information as described in this Privacy Notice and take steps, where necessary, to ensure that international transfers comply with applicable laws.
The governmental authorities of these countries or territories may have access to your Personal Data through orders made in those jurisdictions and under the laws that apply there. Your Personal Data will always be protected by security measures based on industry standards of best practice.
7. How We Protect Your Personal Data
We are committed to ensuring that Your Personal Data is secure. In order to prevent unauthorized access or disclosure, we have put in place appropriate technical and organizational measures to safeguard and secure the Personal Data we process.
We also use technological measures such as secure routers and firewalls to help protect Personal Data. Information collected through the Portal is encrypted before it travels over the Internet using industry-standard technology for conducting secure online transactions. Unfortunately, because of its nature, we cannot guarantee against the loss or misuse of Personal Data transmitted over the Internet.
If, despite all our efforts, a data breach does occur, we shall do everything in our power to limit the damage. In case of a data breach which is likely to result in a high risk, and depending on the circumstances, we will inform You about remedial actions to prevent any further damage. We always inform the relevant supervisory authority or authorities without undue delay.
8. Personal Data Retention
We will retain Your Personal Data for as long as Customer maintains an Account for our Services, or as needed to provide our Services, comply with our legal obligations, resolve disputes and enforce our agreements. If we have no ongoing legitimate business need to process or retain Personal Data, we will either delete or anonymize it, or, if this is not possible (for example, because Your Personal Data has been stored in backup archives), then we will securely store y and isolate it from any further Processing until deletion is possible.
Your Personal Data is hosted on servers that are located in data centers in the United States of America and in the United States.
9. Organization-Administered Accounts
Where the Service is provided to You through a Customer, that Customer is the administrator of the Service and Account and Provider acts only as its service provider. We are not responsible for the privacy or security practices of these organizations, which have their own privacy policies, and we encourage You to contact them with Your privacy-related questions or requests to access, correct or delete Your Personal Data. Please note that the Customer’s administrator designated in the Account may be able to:
-
Require You to reset Your Account password;
-
Restrict, suspend or terminate Your access to the Service, including Your access to the
Portal;
-
Restrict, suspend or terminate Your rights and permission in the Account;
-
Access information in and about Your use of the Account;
-
Access or retain information stored as part of the Account;
-
Change the email address associated with the Account;
-
Change the primary contact of the Account and the authorized users of the Account;
-
Change the information, including the Account profile information; and
-
Restrict Your ability to edit, restrict, modify or delete information.
Please contact Your organization or refer to Your administrator’s organizational policies for more information.
10. Your Rights
Access, Correction, Amendment or Deletion Requests
Provider shall promptly notify a Customer if Provider receives a request from an individual for access to, correction, amendment or deletion of that person’s Personal Data. Provider shall not respond to any such individual request without the Customer’s prior written consent except to confirm that the request relates to that Customer.
Provider shall provide Customers with cooperation and assistance in a reasonable period of time and to the extent reasonably possible in relation to any request regarding Personal Data to the extent Customers do not have access to such Personal Data through their respective uses of the Services.
Customers may update or change their Account Information by editing their profile or organization record directly on the Portal.
If You are a Customer or otherwise provide us with Personal Data in connection with Your use of our Services, we will delete this information upon Your request, provided that, notwithstanding such request, this information may be retained for as long as You maintain an Account for our Services, or as needed to provide You with our Services, comply with our legal obligations, resolve disputes and enforce our agreements.
For any requests related to the Processing of Personal Data in terms of payments and transactions, we encourage you to communicate directly with our payment processor. You may consult their “Your Rights” sections from their privacy policy: Braintree Privacy Statement | Braintree Payments.
Regulatory Enquiries and Complaints
Provider shall, to the extent legally permitted, promptly notify a Customer if it receives an enquiry or complaint from a data protection authority in which that Customer is specifically named. Upon a Customer’s request, Provider shall provide the Customer with cooperation and assistance in relation to any regulatory inquiry or complaint involving Provider’s processing of Personal Data.
Legal Requests
In certain situations, Provider may be required to disclose Personal Data in response to lawful requests by public authorities, to respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. Provider may also share such information with relevant law enforcement agencies or public authorities if we believe same to be necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our Master Subscription Agreement, or as otherwise required by law.
If we ask You to provide Personal Data to comply with a legal requirement or to perform a contract with You, we will make this clear at the relevant time and advise You whether the provision of Your Personal Data is mandatory or not (as well as of the possible consequences if You do not provide Your Personal Data). Similarly, if we collect and use Your Personal Data in reliance on our (or a third party’s) legitimate interests which are not already described in this Notice, we will make clear to You at the relevant time what those legitimate interests are.